A memory exhaustion vulnerability has been found in Digium Asterisk. The vulnerability is due to the use of a user-controlled size value in a memory allocation without validation.

A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious HTTP request to the HTTP management interface of a vulnerable version of Asterisk. Successful exploitation would result in the service's inability to allocate memory and possibly termination of the vulnerable program denying service to legitimate users.